U.S. Bank Hacks Expand; Regions Financial Hit

Attacks by self-described Muslim hackers, now in their fourth week, hit Regions Financial Thursday. Hacking campaign has also disrupted Capital One and SunTrust banking websites.

Regions Financial Thursday became the latest U.S. bank to have its website attacked and disrupted by self-described Muslim hackers, as part of their ongoing "Operation Ababil" online attack campaign.

"We are experiencing an Internet service disruption that is intermittently impacting our customers' ability to access our website or use our online banking service," said Regions Financial spokesman Mel Campbell Thursday in a statement, according to news reports. "We are working quickly to resolve this issue and regret any inconvenience customers may be experiencing."

Early Friday morning, the Regions website appeared to still be inaccessible, but by later in the day, it appeared to once again be available. A spokesman for Regions didn't immediately respond to an emailed query about exactly when the attack against the bank's website had begun, or how long it had lasted.

Capital One spokeswoman Pam Garardo said via email that on Oct. 9, Capital One experienced intermittent access to some online systems due to a denial-of-service attack. She emphasized that other bank channels--branches, call centers, ATMs, as well as its ING Direct and HSBC credit card websites--were not affected, and that no customer or account information had been exposed. "Online servicing channels were fully restored within a few hours," she said.

In the case of SunTrust, Fox Business reported Wednesday that when attempting to log on, some customers had been complaining of receiving one of two error messages: 'Server Unavailable' or 'Server is too busy.' According to news reports, a SunTrust spokesman said Wednesday, "We have seen increased traffic today and have experienced some intermittent service availability."

As of Friday, however, the bank's website appeared to be fully accessible. SunTrust spokesman Mike McCoy, when asked via email about exactly when the attacks had begun and ended, replied, "We are not commenting further on the matter as we typically don't comment on security-related matters."

As with recent similar attacks, all three bank attacks had been announced in advance via a Pastebin post--the latest uploaded Monday--by a group calling itself the Izz ad-Din al-Qassam Cyber Fighters.

According to The New York Times, the name of the hacking--or hacktivist--group references "Izz ad-Din al-Qassam, a Muslim holy man who fought against European forces and Jewish settlers in the Middle East in the 1920s and 1930s." The hackers said they've launched their banking attacks in retaliation for the release of the "Innocence of Muslims" film that mocks the founder of Islam. A 13-minute clip of the film was uploaded last month to YouTube.

The film has been attributed to Nakoula Basseley Nakoula (a.k.a. Mark Basseley Youssef), 55, who appeared Wednesday in Los Angeles U.S. District Court. Federal prosecutors had accused Nakoula of eight violations of his probation, stemming from a 2010 conviction on bank fraud charges, which could see him returned to prison for two years. He was arrested Sept. 28 for the alleged parole violations, which include using aliases, using a computer without supervision, and lying to his probation officer. But in his court appearance, Nakoula denied all of the charges against him. He's next due back in court Nov. 9.

Attackers' apparent motivations aside, do the bank website disruptions herald a new era in online attacks? "A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11. Such a destructive cyber terrorist attack could paralyze the nation," said Secretary of Defense Leon Panetta Thursday, in a speech at a black-tie event held by the Business Executives for National Security on the Intrepid Sea, Air and Space Museum in New York.

"In recent weeks, as many of you know, some large U.S. financial institutions were hit by so-called 'distributed denial-of-service' attacks," he said. "These attacks delayed or disrupted services on customer websites. While this kind of tactic isn't new, the scale and speed was unprecedented."

But security firm Prolexic, which has been tracking the tools and techniques used in the banking website disruptions, begged to differ with Panetta's analysis. "These are big, but we've seen this big before," Neal Quinn, chief operating officer of Prolexic, told Wired. "We've seen events this big in the past."

Still, the attacks have been notable because even with attackers' prior warning, they've managed to disrupt the websites of some of the country's largest financial firms, including Bank of America, JPMorgan Chase, PNC, U.S. Bank, and Wells Fargo. As that skill and sophistication suggest, the bank attacks haven't been launched by just one individual, or using a single tool, but rather by multiple well-organized groups wielding a variety of tools, according to Prolexic.

"A blend of attack scripts and different techniques used in each campaign is another pointer to the likelihood that multiple, well-organized groups or individuals were behind these attacks," said Prolexic president Stuart Scholly in an emailed statement. The company has also found that the compromised servers used by attackers appear to have been taken over--again, using a variety of different toolkits and techniques--as far back as May 2012, which further suggests that the attack participants were diverse, and the exploits well-organized.


Panetta used the attacks on ICS (Industrial Control Systems) as a warning to the US business community that similar attacks are imminent. It is also a calling for US business to embrace stalled cyber security legislation that has been bouncing around the House and Senate over the past 2+ years.

Companies have been reluctant, fearing legal repercussions for non-compliance and/or sharing sensitive information. And for those companies which worry about not complying with what is a pretty low bar of cyber security best practices -- too bad! They should be doing that already. I've long supported this cyber security bill and continue to do so -- now more than ever. Here's another interesting article on this matter: http://blog.securityinnovation...

I guess you really don't care since it made sure I read your article and noticed a couple of your ads, but there is a bank in the USA called US Bank and your headline made it sound like this bank had been under attack for several days. This sort of poor headline wording could cause heart palpitations in people that are just returning to work from an 8 day, mostly disconnected, vacation in Florida.

According to the statement "Capital One spokeswoman Pam Garardo said via email that on Oct. 9, Capital One experienced intermittent access to some online systems due to a denial-of-service attack. She emphasized that other bank channels--branches, call centers, ATMs, as well as its ING Direct and HSBC credit card websites--were not affected, and that no customer or account information had been exposed. 'Online servicing channels were fully restored within a few hours,' she said." I had a different experience. I could not get my online information or do anything until the next day. I received emails from the system but that was all that I could do electronically.

I wonder if the film is the real reason, or if it's a pretext. They could, after all, make the very same attacks on the pretext that they're U.S. banks and the U.S. is the Great Satan. They could even do it on the grounds that, like all western banks, they charge interest on loans, which Islam teaches is sinful.
